From 88e96e621cbcdca3498d98526974154436bd5f58 Mon Sep 17 00:00:00 2001
From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com>
Date: Tue, 28 Jul 2020 13:47:55 -0700
Subject: [PATCH] fix: add region validation using DNS Host label regex (#1402)

---
 .../src/EndpointsConfig.spec.ts               | 26 ++++++++++++++++---
 .../config-resolver/src/EndpointsConfig.ts    |  7 +++++
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/packages/config-resolver/src/EndpointsConfig.spec.ts b/packages/config-resolver/src/EndpointsConfig.spec.ts
index e8c772070446..529be57211b5 100644
--- a/packages/config-resolver/src/EndpointsConfig.spec.ts
+++ b/packages/config-resolver/src/EndpointsConfig.spec.ts
@@ -85,9 +85,29 @@ describe("EndpointsConfig", () => {
       describe("throws error", () => {
         const error = new Error("error");
 
-        it("if region throws error", () => {
-          region.mockRejectedValueOnce(error);
-          return expect(resolveEndpointsConfig(input).endpoint()).rejects.toStrictEqual(error);
+        describe("if region", () => {
+          it("throws error", () => {
+            region.mockRejectedValueOnce(error);
+            return expect(resolveEndpointsConfig(input).endpoint()).rejects.toStrictEqual(error);
+          });
+
+          it("is invalid", () => {
+            [
+              "",
+              "has_underscore",
+              "-starts-with-dash",
+              "ends-with-dash-",
+              "-starts-and-ends-with-dash-",
+              "-",
+              "c0nt@in$-$ymb01$",
+              "0123456789012345678901234567890123456789012345678901234567890123", // 64 characters
+            ].forEach((invalidRegion) => {
+              region.mockResolvedValueOnce(invalidRegion);
+              return expect(resolveEndpointsConfig(input).endpoint()).rejects.toStrictEqual(
+                new Error("Invalid region in client config")
+              );
+            });
+          });
         });
 
         describe("if regionInfoProvider", () => {
diff --git a/packages/config-resolver/src/EndpointsConfig.ts b/packages/config-resolver/src/EndpointsConfig.ts
index c9d8958b4d4b..a03c369f9718 100644
--- a/packages/config-resolver/src/EndpointsConfig.ts
+++ b/packages/config-resolver/src/EndpointsConfig.ts
@@ -45,9 +45,16 @@ const normalizeEndpoint = (input: EndpointsInputConfig & PreviouslyResolved): Pr
 const getEndPointFromRegion = async (input: EndpointsInputConfig & PreviouslyResolved) => {
   const { tls = true } = input;
   const region = await input.region();
+
+  const dnsHostRegex = new RegExp(/^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9])$/);
+  if (!dnsHostRegex.test(region)) {
+    throw new Error("Invalid region in client config");
+  }
+
   const { hostname } = (await input.regionInfoProvider(region)) ?? {};
   if (!hostname) {
     throw new Error("Cannot resolve hostname from client config");
   }
+
   return input.urlParser(`${tls ? "https:" : "http:"}//${hostname}`);
 };